Coming October 25: PeerSpot Awards will be announced! Learn more

Cisco Secure Network Analytics OverviewUNIXBusinessApplication

Cisco Secure Network Analytics is #2 ranked solution in top Network Detection and Response (NDR) tools and #3 ranked solution in Network Traffic Analysis tools. PeerSpot users give Cisco Secure Network Analytics an average rating of 8.2 out of 10. Cisco Secure Network Analytics is most commonly compared to Darktrace: Cisco Secure Network Analytics vs Darktrace. Cisco Secure Network Analytics is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 26% of all views.
Cisco Secure Network Analytics Buyer's Guide

Download the Cisco Secure Network Analytics Buyer's Guide including reviews and more. Updated: September 2022

What is Cisco Secure Network Analytics?

Outsmart emerging threats in your digital business with industry-leading machine learning and behavioral modeling provided by Secure Network Analytics (formerly Stealthwatch). Know who is on the network and what they are doing using telemetry from your network infrastructure. Detect advanced threats and respond to them quickly. Protect critical data with smarter network segmentation. And do it all with an agentless solution that grows with your business.

Cisco Secure Network Analytics was previously known as Cisco Stealthwatch, Cisco Stealthwatch Enterprise, Lancope StealthWatch.

Cisco Secure Network Analytics Customers

Edge Web Hosting, Telenor Norway, Ivy Tech Community College of Indiana, Webster Financial Corporation, Westinghouse Electric, VMware, TIAA-CREF

Cisco Secure Network Analytics Pricing Advice

What users are saying about Cisco Secure Network Analytics pricing:
  • "This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it."
  • "There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive"
  • "It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want."
  • Cisco Secure Network Analytics Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Enterprise Information Security Architect at a agriculture with 5,001-10,000 employees
    Real User
    Top 10
    Provides valuable security knowledge and helps us improve network performance
    Pros and Cons
    • "It has definitely helped us improve our mean time to resolution on network issues."
    • "Many of these tools require extensive on-premises hardware to run."

    What is our primary use case?

    From a security perspective, we are watching for behind the scenes data exfiltration, or tubulous, or malicious network traffic, that our other tools may not be detecting at a basic network layer.

    We are also using it for performance issues in trying to figure out if a site is experiencing issues with slowness. Also, we try to determine things like whether we are exceeding the bandwidth of the link or whether there is a bottleneck or something that's not negotiating correctly on the network.

    Also, we use it for TAP to try and do inline network traffic analysis from a security perspective or from a performance perspective as well.

    How has it helped my organization?

    It has definitely helped us improve our mean time to resolution on network issues.

    From a security perspective, I think they've been good as far as giving us knowledge.

    I wouldn't say it's really transformed what we do. It's just another tool that gives us the information we need or helps alarms for us. But it only alarms on a handful of things. I think there are six or eight alerts that we've deemed critical.

    Beyond that, it's just mostly the performance where I think it helps out. But that's like any NetFlow performance tool. Having insight into what's going across your network is critical for any huge network to function correctly.

    What is most valuable?

    The most valuable feature of this solution is the ability to do TAPs because we have a distributed network.

    The ability to set up one tool to stream that data over to us has been helpful because that way, we don't have to have other infrastructure and be really close to where the activity is. 

    The security features have been good for helping create some correlation. For example, when you tap in, what else happens from the network perspective. 

    Otherwise, just the general network performance monitoring is probably the number one thing that gets used. If we're having slowness issues then it can tell us what the bandwidth and usage are. We can find things like what is using up all the bandwidth and then find out how can we break that apart or route that differently, through a different WAN connection or internet connection.

    What needs improvement?

    An issue that we are having is that people have tools to do a security analysis of network traffic and people have tools that do NetFlow analysis, but typically the security tools do the NetFlow as well. We need the security piece and there are many good NetFlow tools out there, but they don't have that. I feel like they didn't segregate the product classes enough.

    When you're doing research, you are looking for network traffic analysis, not NetFlow tools or network performance monitoring. This is the type of thing that I have been running into. You have to search for something that sounds very much like the other things, but it's not.

    Many of these tools require extensive on-premises hardware to run. It is for their own performance and to support their own tools, including machine learning. It's as though you have to buy this hardware stack, and I feel that contributes to the price. This is versus having my collected data and then feeding it up into the cloud. I feel like a lot of monitoring tools or a lot of analysis tools are going that route. I don't think that StealthWatch is there, yet. It isn't good when you get to the point where you need to buy a huge stack of hardware. Instead, I just pay a license for how much data I send to the cloud. It is maintained there and that way, year after year I don't have to buy new hardware when it goes end-of-life.

    Buyer's Guide
    Cisco Secure Network Analytics
    September 2022
    Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,325 professionals have used our research since 2012.

    For how long have I used the solution?

    The company has been using Cisco Stealthwatch for a couple of years, but I have only been with the company for less than one year.

    What do I think about the stability of the solution?

    I have not been made aware of any stability issues with the tool. 

    What do I think about the scalability of the solution?

    My understanding is that it has been easy to scale, although I was not around for it. We have not had astronomical growth, but it sounds like it runs stable and there haven't been any performance issues with it.

    We have 10 to 20 threat prevention engineers and network engineers of various levels who use it.

    How are customer service and support?

    I have not been in contact with technical support.

    Which solution did I use previously and why did I switch?

    I have not used another similar solution in the past. I think the only thing that would even come close was using Azure Advanced Threat Analytics, but that only really analyzes network traffic coming to the domain. It checks, for example, if there is sketchy network traffic hitting your domain controllers.

    In my previous jobs, I used network performance tools, but nothing that was the same as StealthWatch where it combines that performance and security analysis together.

    What's my experience with pricing, setup cost, and licensing?

    This is an expensive product. We have quit paying for support because we don't want to have to upgrade it and keep paying for it.

    Which other solutions did I evaluate?

    I looked at the capabilities of SolarWinds NetFlow and realized that it can't replace our Cisco StealthWatch.

    What other advice do I have?

    We are using the previous version.

    Our situation was that it was really expensive to keep up maintenance and the hardware was about to go end of life, which meant that we had to purchase a new hardware stack. Also, we were trying to get out of the data center business, so keeping StealthWatch is not really an option.

    It doesn't fit where our company wants to go, but at the same time, it's one of three products out there that actually does what it does. Otherwise, you have to start linking NetFlow into the UEBA space.

    My advice for anybody who is considering StealthWatch is that if you're going to maintain an on-prem network, I think it's a good solution. That is if you want to feed the bill and have something that is top of the line. But if you have a cloud journey underway and you're trying to downsize your data centers, it's going to add a big hardware footprint. This is just something to consider.

    Overall, this is a good product but it would be better if it were cheaper and it fit our future plans better. Everybody had been happy with it, and the major reasons we're getting away from it are the footprint and the costs.

    I would rate this solution an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Senior Security Engineer at a tech services company with 501-1,000 employees
    MSP
    Plenty of add-ons, helpful support, and beneficial network visibility
    Pros and Cons
    • "Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box."
    • "Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product."

    What is our primary use case?

    We use Cisco Stealthwatch to monitor network traffic and make network traffic analytics on east, west, north, and south traffic in our company.

    How has it helped my organization?

    Cisco Stealthwatch has improved our organization because it has brought visibility that we didn't have previously before implementing it. We have information about all of the devices on the network, which include network devices, such as routers, firewalls, et cetera, and endpoint devices, such as users' laptops or servers. The information that we can receive includes what network traffic the user processes. For example, what network traffic gets to our servers and the network traffic that originates from our laptops and user machines.

    We have a better understanding of the network which allows us to tweak our security policies from the information we receive.

    What is most valuable?

    Cisco Stealthwatch has predefined alerts for different types of security issues that might happen in the network. Whether it's PCs or servers that are used for botnets or Bitcoin mining we receive the alerts automatically. This functionality is what we receive from the solution out of the box.

    The solution has a lot of add-on features available.

    What needs improvement?

    Cisco Stealthwatch can improve by having bundled packages for popular add-ons. It would be a lot easier for people implementing it, have let's say a better way to use the product.

    For how long have I used the solution?

    I have used Cisco Stealthwatch within the last 12 months.

    What do I think about the stability of the solution?

    The performance of the Cisco Stealthwatch is good. We haven't encountered any issue regarding performance, or that it cannot handle all the traffic that it receives.

    What do I think about the scalability of the solution?

    The solution is scalable, it can be done easily. I don't see any problem with us expanding our network and for the solution to be able to accommodate our needs.

    Our company has approximately 1,000 people employed and they all use Cisco Stealthwatch. We have administrators that can access it and do work on a daily basis in order to see alerts and inspect all the potential problems in the network.

    How are customer service and support?

    We haven't had any issues with somebody from Cisco assisting us with any technical needs.  We have attended several workshops during the time that we wanted to implement Cisco Stealthwatch. We were at the workshops to get a full perspective on the solution and see what they have planned for the future for new features. The training workshops were not something that we specifically asked for. It was not tailored to us. It was open for Cisco partners, which we are as well. We haven't had any technical issues in our contact with Cisco technical support for any of our needs.

    Which solution did I use previously and why did I switch?

    We have not used a previous solution because Cisco Stealthwatch is a relatively new concept on the market and we haven't used or looked into any other similar solutions from that category.

    How was the initial setup?

    The implementation of the Cisco Stealthwatch should be easier. It is not very complex but it could be made easier. We had the solution up and running in approximately one business day.

    What about the implementation team?

    We did the implementation of the solution ourselves. We did not need any assistance from any integrator.

    One person is enough for maintenance, patching, and overall support of the solution. As we follow best practice, we use two people, because having two sets of eyes it's better than having just one. However, it is able to be maintained by one person. 

    What's my experience with pricing, setup cost, and licensing?

    The licensing model for Cisco Stealthwatch can make it difficult for using to get the most out of the solution.

    We looking or determining if Cisco Stealthwatch is an expensive or inexpensive solution is difficult because it is relative. However, the licenses are able to be purchased at different intervals, such as annually or every three years. The licensing is generally based on, features or sub-product categories.

    There are additional licenses needed for the number of so-called network flows. It's hard to plan the number of flows you need in the network, this is a problem. The price of the Cisco Stealthwatch is relatively inexpensive.

    What other advice do I have?

    I would recommend Cisco Stealthwatch to others.

    The advice I would give others is to think about what they want to achieve from the Cisco Stealthwatch, whether it's monitoring their traffic in the data center or monitoring their endpoint users. When they make this plan or have it clear in their mind, then purchase all the necessary items in order for the solution to work according to their needs. This is one of the key points that the people or customers need to know before they delve into purchasing this solution.

    I rate Cisco Stealthwatch an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Cisco Secure Network Analytics
    September 2022
    Learn what your peers think about Cisco Secure Network Analytics. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,325 professionals have used our research since 2012.
    Mark Lavine - PeerSpot reviewer
    Airway Transportation Service Specialist at Federal Aviation Administration
    Real User
    Allowed us to effectively monitor network traffic and analyze anomalies
    Pros and Cons
    • "From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it."
    • "We determined that Stealthwatch wouldn't provide the machine learning model that we required."

    What is our primary use case?

    Five engineers and I were testing this solution. We were looking for an NDR solution. We're cyber threat hunters, so we're looking to provide cyber hunting services for our clients. We're in the market for a network detection response solution so that we can monitor network traffic and analyze anomalies or anything that may be on the network that looks like normal traffic. We were using Stealthwatch to get a feel for it and to see whether or not it was going to be something that we would use in the future.

    What is most valuable?

    From what I understand, you can encrypt and unencrypt traffic moving in transit. This is one of the features that we liked about it. 

    What needs improvement?

    We didn't want to encrypt all the traffic, but there are certain things that we needed to pull out. Eventually, we determined that Stealthwatch wouldn't provide the machine learning model that we required.

    ExtraHop and Vectra both leverage artificial intelligence and machine learning. With Cisco, it looks like you have to do some provisioning. When it's pulling out, it doesn't automatically detect certain things that you're looking for. It didn't automatically pull certain communications out of the traffic so and we had to do some manual configurations to pull this stuff out. Overall, that's really the only thing. We didn't see anything else wrong with it other than that. It seemed like a pretty good product.

    In the next release, I would like to see more artificial intelligence as far as pulling out certain packets in the traffic because it's an NDR that monitors your traffic, and because there's so much traffic in general. For us, when we serve hedge funds, most of them have a lot of stuff going on their network. Transactions, talking to clients, customers, all the rest of this stuff over the wire. They've got data feeds from several sources as well — Bloomberg, Reuters. Monitoring all of that coming in and out of their network is a lot of work. I would like to have seen more artificial intelligence to detect more anomalous behavior in the network.

    A UBA feature that profiles user behaviors would also be a nice addition. They have an app, but that's not a UBA feature. It just monitors all the endpoints, etc.

    For how long have I used the solution?

    I used Cisco Stealthwatch for a 30-day trial.

    What do I think about the stability of the solution?

    We didn't notice any bugs or glitches. 

    What do I think about the scalability of the solution?

    As it's in the cloud, I would imagine that it scales easily. Still, we didn't use it long enough to worry about scaling it. 

    How are customer service and technical support?

    We only needed to contact technical support once. They were very helpful. They walked us through everything. 

    How was the initial setup?

    It was fairly easy to set up. It took us about 20 minutes to set it up. All we had to do was click a bunch of buttons and look through the documentation. The documentation is pretty straightforward. Overall, it took about 20 minutes.

    What other advice do I have?

    Overall, It seemed like a good product. Cisco's behind the name — I would recommend it. Cisco's got a suite of security and network products. I think it's pretty durable. It works for non-technical people, too. You'll have to do some fine-tuning and you probably should have experienced staff looking after it, but it's a pretty good product in my opinion.

    We're looking at other products that are more automated like Darktrace, ExtraHop, and Vectra. Any solution that cuts down the time it takes to analyze and sift through the logs, etc. I'm pretty sure that Cisco does it, but there's some fine-tuning that you'll need to do to make it fully automated to where you can cut down the time required to inspect logs and things of that nature. 

    Overall, on a scale from one to ten, I would give this solution a rating of eight. 

    Cisco is a huge company. I would imagine that they would probably try to lead the way as far as network detection systems or network detection response systems or solutions are concerned. I just thought that maybe they would have had more automated functionality because it saves time. It saves time for the analysts who have to look through all of the logs and try to correlate all of that stuff and see what's anomalous behavior, etc. 

    Clearly, there are things on the network, certain conversations you could pull out of the network, but we didn't see that. We didn't see a lot of that. We thought that that would have been included in the solution. I guess we just expected more from Cisco. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Chief Technology Officer at a tech services company with 51-200 employees
    MSP
    Top 20
    Excellent network monitoring for anomaly detection and evaluation
    Pros and Cons
    • "Great network monitoring, looking at anomaly detection and evaluation."
    • "The visualization could be improved, the GUI is not the best."

    What is our primary use case?

    Our primary use case of Stealthwatch is for flow analysis, to see what's running on the network and to check for anomalous behavior. Stealthwatch runs in the background and analyzes flows, producing summary reports based on the information it receives. You can look for anything that's out of place, for example, background checking on a file transfer where there's a query as to whether it's a legitimate transfer. It's quite a powerful tool that questions what's going on. We are integrators and I'm the chief technology officer. We're gold partners with Cisco. 

    How has it helped my organization?

    The solution has been beneficial because it's cut down the amount of time involved in doing complex scenarios and research. It's the virtual tap capability that enables you to get into the environment and see the traffic.

    What is most valuable?

    The best feature is the network monitoring, looking at anomaly detection and evaluation. For our operations team, a valuable feature is the ability to do the taps and access that via Stealthwatch. 

    What needs improvement?

    The visualization could be improved, the GUI is not the best. Stealthwatch was purchased from a company called Lancope and the look and feel of the tool is a little different from some of Cisco's other security tools. There could be a little bit more machine learning type capability built into it. Some competitors are coming out with material in that area and there's a significant amount of competition moving to AI that could potentially give the competition an edge if Cisco doesn't maintain investment.

    For how long have I used the solution?

    I've been using this solution for five years. 

    What do I think about the stability of the solution?

    The solution is very stable. 

    What do I think about the scalability of the solution?

    This solution is highly scalable. We have a couple of clients with fairly large networks, more than a thousand network segments that are using Stealthworks. Maintenance requirements depend on the size of the implementation and are carried out by a network engineer. It's usually a couple of hours every few months for a small client, a couple of days every few months for a larger client. It's a matter of watching interim product releases to decide when you want to move the product up. You don't want to get too far out of date, but you also don't want to implement every single upgrade.

    How are customer service and technical support?

    Technical support has been good, similar to other areas of Cisco support. 

    How was the initial setup?

    The initial setup is relatively straightforward from my standpoint, but I'm a networking guy. I imagine that there are security specific people who might find it a little bit more complicated to install. We're integrators so we carried out our own deployment. Deployment can take hours or months, depending on the size of the network.

    What's my experience with pricing, setup cost, and licensing?

    This is an expensive solution and the license is expensive. The cost is an area where a lot of clients are a little uncomfortable. The license cost is based on the size of the environment you're managing.

    What other advice do I have?

    If you have a network administrator who's been a system admin, they'll have a relatively straightforward time of it. But if you have somebody that's only been a network jockey who hasn't done any systems admin work, there'll be a learning curve. It requires a couple of different skill sets, both on the sys admin side, and being network savvy. It's solidly reliable although it can be complicated at times to run, but it's important to take into account that it's supporting a complicated environment. 

    I rate this solution an eight out of 10. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Gerald Jimenez - PeerSpot reviewer
    IT Operations Supervisor at Aboitiz Equity Ventures, Inc.
    Real User
    Top 5
    I can set thresholds to detect sudden changes and the alarms go through the PLC parts
    Pros and Cons
    • "StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk."
    • "There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous."

    What is our primary use case?

    We use StealthWatch for telemetry on the cybersecurity side. It's also used for CCTV, IoT, and all the other stuff that isn't connected to the network. There is a cloud version of StealthWatch, but we use the on-prem solution.

    What is most valuable?

    StealthWatch lets me see the ports running in and out and the country. It has excellent reporting, telemetry, and artificial intelligence features. With the telemetry, I can set thresholds to detect sudden changes and the alarms go through the PLC parts. I can see all the ports running on that trunk.

    What needs improvement?

    There could be better integration on the programming side, which uses Python. StealthWatch could provide a template for Python to manage the switches. For example, it would be nice if StealthWatch bounced a port automatically it detected something anomalous.

    For how long have I used the solution?

    We've been using StealthWatch for almost two years. We were the first ones to adopt it in the Philippines.

    What do I think about the stability of the solution?

    StealthWatch is a stable product. I haven't seen a technology that could match it aside from the Chinese brand Huawei. Cisco is a US brand, so I haven't seen some of these products outside of this market. 

    Who knows? Tomorrow, some company may build a newer, more stable solution, more stable one, but Cisco Stealthwatch has the most stable services today.

    What do I think about the scalability of the solution?

    The scalability is limited only by the license type. It's not a problem as long as you purchase enough licenses and the necessary services. We have 300 users.

    How are customer service and support?

    We have a service agreement with Cisco, but we haven't had that many problems with StealthWatch except for a few bugs in newly released versions. Those bugs were a bottleneck for about a year and a half, but we stabilized it about three or four months ago.

    Which solution did I use previously and why did I switch?

    We switched to StealthWatch for the orchestration features. 

    How was the initial setup?

    Setting up StealthWatch is straightforward, but you may need some specialists to integrate it with software solutions like pxGrid, DNAC, and ISE. It took us about two weeks to deploy StealthWatch, but that includes the staffing limitations due to pandemic protocols. In total, it took two months to integrate Cisco ISE, DNAC, and all our other services.

    The deployment includes about five engineers—six including me.

    What about the implementation team?

    We used some integrators, including a consultant from Cisco.

    What's my experience with pricing, setup cost, and licensing?

    We have a three-year contract with Cisco, including 24/7 online support. There are no additional costs. 

    What other advice do I have?

    I rate StealthWatch eight out of 10 overall, but I would rate it six for engineers because this is a relatively new technology with a steep learning curve for in-house and third-party engineers.

    Whether StealthWatch is a suitable solution depends on the use case and industry, but I recommend it for a company that wants solid telemetry on their end. 

    If you're just segregating and creating a sensor firewall on the switch side, you'll save money going with Cisco instead of buying a lot of firewalls to to provide segregation. It's better to use Cisco to centrally manage everything.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    PMO Department at a comms service provider with 1,001-5,000 employees
    Real User
    Top 20
    Good visibility, good integration with the Cisco switching platform, and helpful support
    Pros and Cons
    • "It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform."
    • "Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks."

    What is our primary use case?

    We are a system integrator and a partner of Cisco. We are providing Network Detection and Response (NDR) solutions, and depending on a customer's requirement, we propose it. This product was launched recently, and it is new in the Cisco portfolio. We have supplied this solution to some of the customers.

    It is used for network protection for those segments that are not covered by the firewall. It is used for doing ransomware detection in terms of east-west traffic. A firewall can't detect that because it is mostly focused on north-south traffic. So, in the segments that are left out from the firewall, the StealthWatch network detection platform is able to see the malware that is sent to the devices.

    What is most valuable?

    It provides good visibility to the customers. People are still evaluating it, but it provides visibility and helps them to take action to remediate and mitigate the issues that are highlighted on the dashboard. It has good integration with the Cisco switching platform.

    What needs improvement?

    Stealthwatch is still maturing in AI. It uses artificial intelligence for predictions, but AI still needs to mature. It is in a phase where you get 95% correct detection. As its AI engine learns more, it will become more accurate. This is applicable to all the devices that are using AI because they support both supervised and unsupervised machine learning. The accuracy in the case of supervised machine learning is dependent on the data you feed into the box. The accuracy in the case of unsupervised machine learning is dependent on the algorithm. The algorithm matures depending on retrospective learning, and this is how it is able to detect zero-day attacks.

    What do I think about the stability of the solution?

    It is stable.

    What do I think about the scalability of the solution?

    It supports vertical scalability. When you size the product, you need to calculate the number of endpoints. You can add multiple regions and multiple consoles. If you are adding multiple branches, it can be easily accommodated.

    How are customer service and support?

    Cisco tech support is very helpful. They have different tech support management options.

    How was the initial setup?

    Its setup is easy. Its setup is not complex. Its implementation takes about one to two weeks. It takes about a week to gather the data, and after that, you can start doing an analysis of the gathered data.

    What's my experience with pricing, setup cost, and licensing?

    It has a subscription model. There is yearly support, and there is also three-year support. It depends on what the customers want.

    What other advice do I have?

    Cisco Stealthwatch is a good product. I would rate it an eight out of 10.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    Flag as inappropriate
    PeerSpot user
    Network and Security with 10,001+ employees
    Real User
    Reliable, easy to expand, and offers good integration capabilities
    Pros and Cons
    • "If you are using Darktrace or NAC solutions you can integrate Stealthwatch."
    • "It's not great as a standalone solution."

    What is our primary use case?

    We are using it on-prem and there are two flow sensors on the fabric site, and one flow collector, and one management center. Stealthwatch is integrated with the Cisco ISE. We use it to monitor for any anomaly behavior and analyze results.

    Stealthwatch sends relay packets to Cisco ISE, and Cisco ISE auto-remediates behavioral analytics. Any weak spot can be quarantined or shut down. We are using the Stealthwatch and Cisco ISE integration, and it's very useful on the network.

    What is most valuable?

    I like auto-remediation. Pushing to Cisco ISE is very useful. Also, you can send all traffic, any SIEM logger, and a behavior analyst. It integrates with the ISE. 

    If you are using Darktrace or NAC solutions you can integrate Stealthwatch. However, I don't like just the Stealthwatch appliance. It's better integrated with others. 

    The solution is stable.

    It's scalable. 

    What needs improvement?

    I can't speak to any missing features. It works well for us overall. 

    It's not great as a standalone solution.

    For how long have I used the solution?

    I've been using the solution for approximately seven years. 

    What do I think about the stability of the solution?

    The solution has been stable. We haven't had issues with bugs and glitches and it doesn't crash or freeze. It's reliable. 

    What do I think about the scalability of the solution?

    It is a product that can scale as needed. 

    We have three people using it in our company right now. 

    How are customer service and support?

    We're able to reach out to support for the solution and solve technical problems. We create a ticket to send to Cisco techs. However, when the solution is down, we are able to see the network in Stealthwatch. We're able to relay issues to them and they have been able to assist us in remedying the problems. 

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup was easy for me. I know that this solution quite well. That said, a person who implements it may need to understand not only Stealthwatch. They likely use it with Cisco ISE and Cisco DNA. There would have to be knowledgeable across solutions. We have everything integrated together in the fabric.

    Typically, it takes one week to deploy the solution and get it up and running. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is moderately priced. It's not overly expensive or too cheap. 

    What other advice do I have?

    We're a Cisco Gold partner. 

    I'd rate the solution eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: partner
    Flag as inappropriate
    PeerSpot user
    National Offering Lead - Security Practice at a computer software company with 501-1,000 employees
    MSP
    Good detection capabilities but integration with Cisco ISE would improve it considerably
    Pros and Cons
    • "We find that Stealthwatch can detect the unseen."
    • "It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good."

    What is our primary use case?

    We are resellers, we provide solutions for our clients.

    We use Stealthwatch for network segmentation use-cases, data analytics around exfiltration, encrypted threat analytics, map phishing, scans. and as a tripwire on top of all of the other security controls that are available.

    What is most valuable?

    We find that Stealthwatch can detect the unseen. Once you have a fully deployed Cisco enterprise agreement, we can turn on Stealthwatch and usually catch the last little bit.

    What needs improvement?

    Their response capability and the ability to push out responses along with changes in the network is important. This is something lacking, they don't have a lot of that, it's a passive tool.

    Cisco Stealthwatch is reliant on NetFlow and IT6. If this platform could integrate with other sources of knowledge and true threat intelligence it would help them.

    It's a good solid solution but integration with Network Access Control products with Cisco ISE would be good.

    Cisco's ISE NAC is more of a detection and analytics tool. There are several pivots where it allows you to push policy, but those integrations are not very strong. It's an area that needs some improvement or attention.

    Anything that they could do that would be a more action-oriented process out of Stealthwatch and pushing into the network program would be valuable.

    The interface is an area that needs a bit more work, it's always been clunky.

    For how long have I used the solution?

    I have been working with Cisco Stealthwatch for approximately seven years.

    What other advice do I have?

    I would rate Cisco Stealthwatch a seven out of ten.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Buyer's Guide
    Download our free Cisco Secure Network Analytics Report and get advice and tips from experienced pros sharing their opinions.